systemd/mime/io.systemd.xml
Lennart Poettering 48d67957d5 creds-util: add a concept of "user-scoped" credentials
So far credentials are a concept for system services only: to encrypt or
decrypt credential you must be privileged, as only then you can access
the TPM and the host key.

Let's break this up a bit: let's add a "user-scoped" credential, that
are specific to users. Internally this works by adding another step to
the acquisition of the symmetric encryption key for the credential: if a
"user-scoped" credential is used we'll generate an symmetric encryption
key K as usual, but then we'll use it to calculate

    K' = HMAC(K, flags || uid || machine-id || username)

and then use the resulting K' as encryption key instead. This basically
includes the (public) user's identity in the encryption key, ensuring
that only if the right user credentials are specified the correct key
can be acquired.
2024-01-30 17:07:47 +01:00

47 lines
1.9 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
<mime-type type="application/x.systemd-sysext">
<sub-class-of type="application/vnd.efi.img"/>
<comment>System Extension DDI</comment>
<glob pattern="*.sysext.raw"/>
</mime-type>
<mime-type type="application/x.systemd-confext">
<sub-class-of type="application/vnd.efi.img"/>
<comment>Configuration Extension DDI</comment>
<glob pattern="*.confext.raw"/>
</mime-type>
<mime-type type="application/x.systemd-journal">
<comment>Journal Log File</comment>
<magic>
<match type="string" value="LPKSHHRH" offset="0"/>
</magic>
</mime-type>
<mime-type type="application/x.systemd-catalog">
<comment>Journal Message Catalog</comment>
<magic>
<match type="string" value="RHHHKSLP" offset="0"/>
</magic>
</mime-type>
<mime-type type="application/x.systemd-hwdb">
<comment>Hardware Database</comment>
<magic>
<match type="string" value="KSLPHHRH" offset="0"/>
</magic>
</mime-type>
<mime-type type="application/x.systemd-credential">
<comment>Encrypted Credential</comment>
<generic-icon name="security-high"/>
<magic>
<match type="string" value="Whxqht+dQJax1aZeCGLxm" offset="0"/>
<match type="string" value="VbntHThZTUOoMZ0uuzMqx" offset="0"/>
<match type="string" value="DHzAexF2RZGcSwvqCLwg/" offset="0"/>
<match type="string" value="+vfrk0HjQSyhpDb5Wik2L" offset="0"/>
<match type="string" value="k6iUCUh0RJCQyvL8k8q1U" offset="0"/>
<match type="string" value="70rBNnmpSA6n22iJf58WX" offset="0"/>
<match type="string" value="r0lQqEkTTrGnOEYwT/MMB" offset="0"/>
<match type="string" value="rbxMo++2QgG6iBtvLkCV6" offset="0"/>
<match type="string" value="BYRp2vb1QySABUnaD46i+" offset="0"/>
</magic>
</mime-type>
</mime-info>